CN111935176B - Anti-cheating system and method for network security CTF competition - Google Patents


Info

Publication number: CN111935176B
Authority: CN (China)
Prior art keywords: flag, competition, information, session, question
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010984461.2A
Other languages: Chinese (zh)
Other versions: CN111935176A (en)
Inventor: 程能杰, 谢峥, 高庆官, 唐海均, 王国伟, 高丽彪, 王鹏
Current Assignee: Nanjing Cyber Peace Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Nanjing Cyber Peace Technology Co Ltd
Application filed by Nanjing Cyber Peace Technology Co Ltd
Priority to CN202010984461.2A
Publication of CN111935176A
Application granted
Publication of CN111935176B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/12 Applying verification of the received information
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/535 Tracking the activity of the user
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects

Abstract

The invention discloses an anti-cheating system and method for network security CTF competitions. The CTF test paper module assembles the competition test paper and generates a Flag for every competition question; the competition question management module generates the competition question environments and writes the Flags into them; the operating machine management module generates, for each competing team member, a competition operating machine that connects to the competition question environment; the Flag session module stores session records within the session validity period; the Flag security module replaces the Flag information in intercepted messages with secure Flag information; and the CTF test paper module judges from the Flag session records whether cheating or abnormal behavior has occurred. The invention improves the security of the competition platform and its resistance to and detection of cheating, and is applicable to scenarios in which competition questions are accessed over various protocols.

Description

Anti-cheating system and method for network security CTF competition
Technical Field
The invention relates to a cheating prevention system and a cheating prevention method for network security CTF competition, and belongs to the technical field of networks.
Background
CTF, generally translated as a capture-the-flag contest, is a form of technical competition among network security practitioners. CTF originated at the DEFCON global hacker conference in 1996, replacing the earlier practice in which hackers compared skills by launching real attacks against each other. It has since become a popular form of competition in the network security community worldwide. In a CTF competition, the competing teams take part over the on-site network and are ranked by the point values and solving times of the network security challenge questions they solve; a team obtains a string in a certain format, the Flag, from the competition environment provided by the organizer and submits it to the organizer to capture the points.
The deployment of a CTF competition is shown in FIG. 1. Competing teams access the CTF competition platform network through a physical switch. The platform consists of control nodes and CTF competition question nodes. The CTF test paper module on the control node generates the competition test paper and the competition question Flags, and verifies the Flags submitted by the teams in order to update team scores and rankings. The competition question control module creates virtual machines according to the test paper to build the competition question environments and writes the competition question Flags into them, and the teams connect to the competition question virtual machines and obtain the Flags by technical means. The conventional network security CTF competition process mainly comprises the following steps: entering team information to generate team member accounts; generating the competition test paper; generating the competition question environments according to the test paper; importing the competition question Flags into the environments; team members logging in to the CTF competition platform to obtain the test paper; team members connecting to the competition question environments to obtain the Flags; team members submitting the Flags; and updating team scores and rankings.
A fixed competition question Flag is hard to keep secret, team members are not physically isolated from one another at the venue, a Flag obtained by one team member is easily leaked and submitted for points by members of other teams, and there is no effective monitoring means for detecting cheating and collecting evidence of it. The conventional process therefore suffers from cheating that occurs easily and is hard to detect.
To address the difficulty of keeping a fixed Flag secret, Chinese invention patent application CN201810412456.7 discloses a method for generating dynamic CTF Flags based on a transparent proxy. A user-unique Token is planted in the user's browser; the online competition platform directs the user's access to the competition question address to a proxy server; the proxy server forwards the request to the competition question server and, after receiving the competition question content it returns, replaces the Flag in that content with a new Flag generated by reversibly encrypting the original Flag with the user Token. After receiving the Flag submitted by the user, the online competition platform applies the inverse of the reversible encryption to the submitted Flag and the original competition question Flag, and derives the user's answer result from the outcome. This scheme achieves cheating prevention and logging without the user noticing at any point, but has the following defects: 1. the whole process depends heavily on the browser Token, which, as a client-side mechanism, is unreliable and easily tampered with; the proxy server cannot effectively authenticate or verify it, and logs associated with the Token are insufficient as evidence of cheating; 2. because the Flag encryption algorithm depends on the Token, which team members can access, team members can easily brute-force the key information; 3. the proxy server proxies all team member requests, concentrating the otherwise distributed competition traffic on the proxy server; 4. access to competition questions depends on the browser as the client and is limited by it, whereas in practice there are scenarios in which competition questions are accessed over non-HTTP protocols.
Disclosure of Invention
Purpose of the invention: in view of the problems in the prior art, the object of the present invention is to provide an anti-cheating system and method for network security CTF competitions, so as to improve the security of the competition platform and its resistance to and detection of cheating.
Technical solution: to achieve this purpose, the anti-cheating system for network security CTF competitions comprises a CTF test paper module, a competition question management module, an operating machine management module, a Flag session module and a Flag security module;
the CTF test paper module is used for selecting competition questions and combining them into a competition test paper, generating a corresponding Flag for every competition question, and verifying the competition question Flags submitted by the competing team members;
the competition question management module is used for generating the virtual machines of the competition question environments according to the competition test paper and writing the competition question Flags into the competition question environments;
the operating machine management module is used for generating a competition operating machine for each competing team member and generating connection authentication information, and for recording all operations of the team members on the competition operating machines; the team members connect to the competition question environments through the competition operating machines;
the Flag session module is used for storing Flag session records within the session validity period, where a Flag session record comprises the original Flag information, the target IP information, the secure Flag information and the latest update time;
the Flag security module is used for inspecting intercepted messages sent by a competition question environment virtual machine to a competition operating machine for Flag information, and querying the Flag session module, by the Flag information and the target IP information, for a Flag session record within the session validity period; if such a record exists, it replaces the original Flag information with the secure Flag information and updates the latest update time; if no such record exists, it appends the target IP and a timestamp to the original Flag information, signs and encrypts the result to generate the secure Flag information, stores the Flag session record, and replaces the original Flag information with the secure Flag information;
after receiving a submitted competition question Flag, the CTF test paper module decrypts it and verifies the signature; a Flag whose signature verification fails is directly judged invalid; for a Flag whose signature verification succeeds, the module queries the Flag session records by the submitted Flag information, and if a matching Flag session record exists and the matched target IP is the IP of an operating machine of a member of the submitting team, the Flag is judged valid; if a matching Flag session record exists but the matched target IP is not the IP of an operating machine of that team, cheating is determined to exist; if no matching Flag session record exists, abnormal behavior is determined to exist.
Further, the original Flag information that the CTF test paper module generates for a competition question is padded with enough filler data to make its length equal to that of the secure Flag information.
Further, messages are intercepted by configuring flow table records in the virtual switch on the CTF competition question node.
Further, the signature algorithms used for generating the secure Flag information include the MD5 algorithm and the SHA256 algorithm, and the encryption algorithms include the AES algorithm, the DES algorithm and the RSA algorithm.
Based on the same inventive concept, the anti-cheating method for network security CTF competition comprises the following steps:
step 1: generating a competition operating machine on an operating machine node for each competing team member, and generating connection authentication information; after a team member connects to the competition operating machine, recording all of the team member's operations on it;
step 2: selecting competition questions and combining them into a competition test paper, and generating a corresponding Flag for every competition question;
step 3: generating the virtual machines of the competition question environments on a competition question node according to the competition test paper, and writing the competition question Flags into the competition question environments;
step 4: when a team member connects to a competition question environment through a competition operating machine, intercepting the messages sent by the competition question environment virtual machine to the competition operating machine, inspecting the intercepted messages for Flag information, and querying, by the Flag information and the target IP information, for a Flag session record within the session validity period; if such a record exists, replacing the original Flag information with the secure Flag information, updating the latest update time, and resending the message; if no such record exists, appending the target IP and a timestamp to the original Flag information, signing and encrypting the result to generate the secure Flag information, storing the Flag session record, replacing the original Flag information with the secure Flag information, and resending the message; the Flag session record comprises the original Flag information, the target IP information, the secure Flag information and the latest update time;
step 5: after receiving a competition question Flag submitted by a team member, decrypting it and verifying the signature; a Flag whose signature verification fails is directly judged invalid; for a Flag whose signature verification succeeds, querying the Flag session records by the submitted Flag information, and if a matching Flag session record exists and the matched target IP is the IP of an operating machine of a member of the submitting team, judging the Flag valid; if a matching Flag session record exists but the matched target IP is not the IP of an operating machine of that team, determining that cheating exists; if no matching Flag session record exists, determining that abnormal behavior exists.
Beneficial effects: the invention improves the security of the competition platform through the design of the operating machine management module. The operating machine management module supports logging, authorization control and auditing, which strengthens the platform's monitoring and control of team behavior; only the competition operating machines are allowed to access the competition platform network, which improves network-level security. Through the design of the Flag security module and the Flag session module, the secure Flag information replacement only needs to be implemented in the virtual switch of the competition question node, without modifying the existing competition terminals or competition question environments. Different team members are given isolated secure Flag information, which improves the platform's resistance to and detection of cheating. The method is not limited to HTTP (Hypertext Transfer Protocol) scenarios and is applicable to scenarios in which competition questions are accessed over various protocols.
Drawings
Fig. 1 is a deployment diagram of a conventional network security CTF competition.
Fig. 2 is a schematic structural diagram of a system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be obtained by a person skilled in the art based on the embodiments of the present invention without any inventive step are within the scope of the present invention.
As shown in FIG. 2, the anti-cheating system for network security CTF competitions disclosed in the embodiment of the present invention mainly comprises a CTF test paper module, a competition question management module, an operating machine management module, a Flag session module and a Flag security module. The CTF test paper module is used for selecting competition questions and combining them into a competition test paper, generating a corresponding Flag for every competition question, and verifying the competition question Flags submitted by the competing team members. The competition question management module is used for generating the virtual machines of the competition question environments according to the competition test paper and writing the competition question Flags into the competition question environments. The operating machine management module is used for generating a competition operating machine for each competing team member and generating connection authentication information, and for recording all operations of the team members on the competition operating machines; the team members connect to the competition question environments through the competition operating machines.
The Flag session module is used for storing Flag session records within the session validity period; a Flag session record comprises the original Flag information, the target IP information, the secure Flag information and the latest update time. The Flag security module is used for inspecting intercepted messages sent by a competition question environment virtual machine to a competition operating machine for Flag information, and querying the Flag session module, by the Flag information and the target IP information, for a Flag session record within the session validity period. If such a record exists, it replaces the original Flag information with the secure Flag information and updates the latest update time. If no such record exists, it appends the target IP and a timestamp to the original Flag information, signs and encrypts the result to generate the secure Flag information, stores the Flag session record, and replaces the original Flag information with the secure Flag information.
After receiving a submitted competition question Flag, the CTF test paper module decrypts it and verifies the signature. A Flag whose signature verification fails is directly judged invalid. For a Flag whose signature verification succeeds, the module queries the Flag session records by the submitted Flag information: if a matching Flag session record exists and the matched target IP is the IP of an operating machine of a member of the submitting team, the Flag is judged valid; if a matching Flag session record exists but the matched target IP is not the IP of an operating machine of that team, cheating is determined to exist; if no matching Flag session record exists, abnormal behavior is determined to exist.
For those skilled in the art, the modules in the above embodiments may be adaptively changed, for example, they may be divided into a plurality of sub-modules/units.
Based on the same inventive concept, the anti-cheating method for network security CTF competition disclosed by the embodiment of the invention comprises the following steps:
(1) generating a competition operating machine on an operating machine node for each competing team member, and generating connection authentication information; after a team member connects to the competition operating machine, recording all of the team member's operations on it;
(2) selecting competition questions and combining them into a competition test paper, and generating a corresponding Flag for every competition question;
(3) generating the virtual machines of the competition question environments on a competition question node according to the competition test paper, and writing the competition question Flags into the competition question environments;
(4) when a team member connects to a competition question environment through a competition operating machine, intercepting the messages sent by the competition question environment virtual machine to the competition operating machine, inspecting the intercepted messages for Flag information, and querying, by the Flag information and the target IP information, for a Flag session record within the session validity period; if such a record exists, replacing the original Flag information with the secure Flag information, updating the latest update time, and resending the message; if no such record exists, appending the target IP and a timestamp to the original Flag information, signing and encrypting the result to generate the secure Flag information, storing the Flag session record, replacing the original Flag information with the secure Flag information, and resending the message; the Flag session record comprises the original Flag information, the target IP information, the secure Flag information and the latest update time;
(5) after receiving a competition question Flag submitted by a team member, decrypting it and verifying the signature; a Flag whose signature verification fails is directly judged invalid; for a Flag whose signature verification succeeds, querying the Flag session records by the submitted Flag information, and if a matching Flag session record exists and the matched target IP is the IP of an operating machine of a member of the submitting team, judging the Flag valid; if a matching Flag session record exists but the matched target IP is not the IP of an operating machine of that team, determining that cheating exists; if no matching Flag session record exists, determining that abnormal behavior exists.
The following describes a specific application of the embodiment of the present invention in detail with reference to a specific network security CTF competition scenario. The network security CTF competition process adopting the anti-cheating system of the embodiment of the invention is as follows:
1) and inputting the information of the participating team to generate an account of the participating team members. And the CTF competition platform administrator inputs competition team information in a CTF test paper module of the control node and generates competition participating account numbers for all competition team members so that the competition team members submit competition answer and update competition score ranking on the CTF competition platform.
2) The operation machine management module generates a competition-participating operation machine for the competition-participating team members and generates connection authentication information. And the operation machine management module creates a virtual machine as a competition-participating operation machine for each competition-participating member at the operation machine node.
3) And generating a competition test paper. And the CTF test paper module of the CTF competition platform control node extracts competition questions from the competition question list to combine into a competition test paper, generates corresponding Flag for all the competition questions, and fills enough filling data to ensure that the length of the Flag is consistent with that of the safety Flag information. In practical application, Flag valid information is generally a 32-bit uuid character string.
4) And generating a competition question environment according to the competition test paper. And a game question management module in the control node acquires a locally stored game question mirror image according to the test paper game question list and generates virtual machines in different game question environments at the game question node.
5) The topic Flag imports the topic environment. And the competition question control module writes the competition question Flag generated by the CTF test paper module into the corresponding competition question environment.
6) And configuring the flow table record in the virtual switch of the CTF question node, and intercepting the TCP message (or other transport layer protocol messages such as UDP) possibly containing Flag information. In practical application, an ovs-ofctl command tool of an OpenVswitch component is adopted to issue a flow table for a virtual switch of a question node, wherein the flow table comprises a matching item and an action, the matching item is set to be an IP address in the question node as a source IP, the target IP is an IP address in an operator node and the like (for more accurately matching a TCP message carrying Flag, a field matched with a Flag setting rule can also be used for matching a protocol type, a control bit identifier and the like), all TCP messages possibly containing Flag information are matched, the action is set to be not forwarded, and a command such as ovs-ofctl add-flow is given.
7) The competition personnel are connected with the competition operation machine through the operation machine management module. The operation machine management module records all operations of the competition participants on the operation machine, has the functions of identity authentication, authorization control, safety audit and the like, and can be used for connection and login of the operation machine through SSH (secure Shell) protocols, RDP (remote desktop protocol) protocols and the like when components are actually applied, such as JumpServer, Guacamole and the like.
8) The competition team member logs in the CTF competition platform through the operating machine to obtain competition test paper. The competition participants access the CTF competition network through the competition participant operating machine, and log in the CTF test paper module through the distributed competition participant accounts to obtain competition test papers. In practical application, the CTF test paper module opens Web service to provide access for the team members.
9) The contestants are connected with the contest environment through the operating machine to obtain the contest Flag. The contestants connect the contest environment according to the contest environment access address provided by the test paper contest, and acquire the contest Flag through various security technologies. The game question Flag in the actual application is stored in an HTTP response header field, an HTTP response body field, file contents and the like.
10) The Flag security module replaces the Flag in the intercepted TCP message with secure Flag information. The module checks for original Flag information in the HTTP response header, HTTP response body and file contents carried in the TCP message, and uses the original Flag information and the target IP information to look up whether a Flag session record (original Flag information, target IP information, secure Flag information, latest update time) within the session validity period exists. If one exists, the module updates the record's latest update time and replaces the original Flag information in the TCP message with the secure Flag information. If none exists, it computes new secure Flag information, saves a Flag session record, and replaces the original Flag information with the computed secure Flag information. The secure Flag information is computed as follows: remove the Flag padding data, append the target IP address and the current timestamp, then sign and encrypt the result. The Flag session module periodically cleans up Flag session records that have exceeded the validity period. In practice, the validity period of a Flag session record is generally 30 minutes; the signature algorithm can be, for example, MD5 or SHA256, and the encryption algorithm can be, for example, AES, DES or RSA.
11) Resend the TCP message in which the secure Flag information has been substituted. In practice, the Scapy tool is used to rebuild and send the TCP message.
12) Team members submit the question Flag through the operation machine, and the CTF test paper module judges the submission and updates the score and ranking. The team member submits the obtained question Flag to the CTF test paper module, which verifies it by decrypting it and checking its signature. A Flag that fails signature verification is judged invalid directly. For a Flag that passes signature verification, the Flag session records of the Flag session module are queried using the submitted Flag information: if a matching Flag session record exists and the matched target IP is the IP of an operation machine of a member of the participating team, the Flag is judged valid and the score is recorded; if a matching Flag session record exists but the matched target IP is not the IP of an operation machine in the team, cheating is determined; if no matching Flag session record exists, abnormal behavior is determined and the score is recorded. In practice, the Flag session module can store Flag session record data in a database such as MySQL, and the support control node accesses the data directly through a database connection.
13) For teams found cheating, the operation machine management module directly stops the authorization of the team's operation machines, the operation logs and videos of the operation machines are audited, and a platform administrator issues a cheating-handling notice to the team according to the audit results.
14) For teams with abnormal behavior, a platform administrator audits the operation logs and videos of the operation machine. If cheating is found, the authorization of the team's operation machines is stopped directly through the operation machine management module and a cheating-handling notice is issued; if no cheating is found, no action is taken.
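The session handling of steps 10 and 12 can be followed in a short added sketch, which is not code from the patent or from any CTF platform. It assumes HMAC-SHA256 as the signature and leaves the encryption step out; the key, the padding character, the class and function names and the IP addresses used with it are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

SESSION_TTL = 30 * 60            # session validity period from the description (30 min)
KEY = b"constructed-demo-key"    # assumption: signing key held by the platform
PAD = "*"                        # assumption: filler character appended to original Flags


@dataclass
class FlagSession:               # the four fields of a Flag session record
    original: str
    target_ip: str
    secure: str
    updated: float


def _sign(payload: str) -> str:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


class FlagSessionStore:
    def __init__(self):
        self.records = []

    def _live(self, now):
        # Expired records are dropped, as the periodic clean-up would do.
        self.records = [r for r in self.records if now - r.updated <= SESSION_TTL]
        return self.records

    def secure_flag(self, original, target_ip, now):
        """Step 10: reuse the live record for (original Flag, target IP) or mint one."""
        for rec in self._live(now):
            if (rec.original, rec.target_ip) == (original, target_ip):
                rec.updated = now
                return rec.secure
        # Strip padding, append target IP and timestamp, then sign.
        payload = f"{original.rstrip(PAD)}|{target_ip}|{int(now)}"
        secure = f"{payload}.{_sign(payload)}"   # signed only; encryption omitted here
        self.records.append(FlagSession(original, target_ip, secure, now))
        return secure

    def judge(self, submitted, team_ips, now):
        """Step 12: 'invalid', 'valid', 'cheating' or 'abnormal' for one submission."""
        payload, _, sig = submitted.rpartition(".")
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return "invalid"                     # signature check failed
        for rec in self._live(now):
            if rec.secure == submitted:
                # The record binds the Flag to the operation machine it was sent to.
                return "valid" if rec.target_ip in team_ips else "cheating"
        return "abnormal"                        # signed, but no live session record
```

Because each secure Flag is bound to the operation machine IP it was delivered to, a Flag passed to another team still verifies but resolves to a record whose target IP lies outside the submitting team.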

Claims (5)

1. An anti-cheating system for network security CTF competition is characterized by comprising a CTF test paper module, a competition question management module, an operator management module, a Flag session module and a Flag security module;
the CTF test paper module is used for extracting the game questions to combine into a competition test paper and generating corresponding Flag for all the game questions; verifying the competition question Flag submitted by the competition participants;
the competition question management module is used for generating a virtual machine of a competition question environment on the CTF competition question node according to the competition test paper and writing competition question Flag into the competition question environment;
the operation machine management module is used for generating a competition-participating operation machine for competition-participating team members and generating connection authentication information; recording all operations of the competition participants on the competition operation machine; the competition participants are connected with the competition environment through the competition operation machine;
the Flag session module is used for storing Flag session records within the session validity period, wherein the Flag session records comprise original Flag information, target IP information, secure Flag information and latest update time;
the Flag security module is used for checking the Flag information of an intercepted message sent by the competition question environment virtual machine to the competition operation machine, and querying, according to the Flag information and the target IP information, whether a Flag session record within the session validity period exists in the Flag session module; if it exists, replacing the original Flag information with the secure Flag information and updating the latest update time; if it does not exist, supplementing the original Flag information with the target IP and a timestamp, signing and encrypting it to generate the secure Flag information, storing the Flag session record in the Flag session module, and replacing the original Flag information with the secure Flag information;
the CTF test paper module, after receiving a submitted competition question Flag, decrypts it and verifies its signature, directly judges a Flag that fails signature verification to be invalid, and for a Flag that passes signature verification queries the Flag session records according to the submitted Flag information; if a matching Flag session record exists and the matched target IP is the IP of an operation machine of a team member in the participating team, the Flag is judged valid; if a matching Flag session record exists but the matched target IP is not the IP of an operation machine in the team, cheating behavior is determined to exist; if no matching Flag session record exists, abnormal behavior is determined to exist.
2. The anti-cheating system for network security CTF competitions as claimed in claim 1, wherein the original Flag information generated by the CTF test paper module for the competition questions is padded with sufficient filler data so that its length is consistent with the length of the secure Flag information.
3. The anti-cheating system for network security CTF competitions of claim 1, wherein the message is intercepted by configuring an internal flow table record in a virtual switch on the CTF competition question node.
4. The anti-cheating system for network security CTF competitions according to claim 1, wherein the signature algorithm used for generating the secure Flag message includes MD5 algorithm, SHA256 algorithm, and the encryption algorithm includes AES algorithm, DES algorithm, RSA algorithm.
5. A cheat-preventing method for network security CTF competition is characterized by comprising the following steps:
step 1: generating a competition-participating operating machine on an operating machine node for a competition-participating team member, and generating connection authentication information; after the competition personnel connects the competition operation machine, recording all the operations of the competition personnel on the competition operation machine;
step 2: extracting the game questions to combine into a competition test paper, and generating corresponding Flag for all the game questions;
step 3: generating a virtual machine of a competition question environment on a competition question node according to the competition test paper and writing the competition question Flag into the competition question environment;
step 4: when a team member connects to the competition question environment through the competition operation machine, intercepting the message sent by the competition question environment virtual machine to the competition operation machine, checking the Flag information of the intercepted message, and querying, according to the Flag information and the target IP information, whether a Flag session record within the session validity period exists; if it exists, replacing the original Flag information with the secure Flag information, updating the latest update time, and resending the message; if it does not exist, supplementing the original Flag information with the target IP and a timestamp, signing and encrypting it to generate secure Flag information, storing the Flag session record, replacing the original Flag information with the secure Flag information, and resending the message; the Flag session record comprises original Flag information, target IP information, secure Flag information and latest update time;
step 5: after receiving the competition question Flag submitted by a team member, decrypting it and verifying its signature, directly judging a Flag that fails signature verification to be invalid, and for a Flag that passes signature verification querying the Flag session records according to the submitted Flag information; if a matching Flag session record exists and the matched target IP is the IP of an operation machine of a team member in the participating team, judging the Flag to be valid; if a matching Flag session record exists but the matched target IP is not the IP of an operation machine in the team, determining that cheating behavior exists; if no matching Flag session record exists, determining that abnormal behavior exists.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010984461.2A CN111935176B (en) 2020-09-18 2020-09-18 Anti-cheating system and method for network security CTF competition

Publications (2)

Publication Number Publication Date
CN111935176A CN111935176A (en) 2020-11-13
CN111935176B CN111935176B (en) 2020-12-29

Family

ID=73333861

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant